Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-30 Thread Goran Rakic
У нед, 29. 08 2010. у 04:17 +0200, Mounir IDRASSI пише:

 After some digging, I found that part of the problem is caused by the 
 functions c2i_ASN1_INTEGER and d2i_ASN1_UINTEGER in file 
 crypto\asn1\a_int.c. At lines 244 and 314, there is an if block that 
 removes any leading zeros. Commenting out these blocks solves the DER 
 encoding mismatch but the verification still fails because the computed 
 digest is different from the recovered one.

Thank you, I can confirm that your suggestion is working.

Applying a patch that you described does solve a problem for me. The
MUPCAGradjani certificate can be verified against the MUPCARoot, as well
as certificates issued by the MUPCAGradjani, like the two personal
certificates I have on my eID card. I had to reconvert DER to PEM with
patched openssl to get PEM certificates with correct serial number

I read the other messages in this thread, but I am not an expert in the
field so I do not know if openssl should add a support for incorrect
serial numbers. In RFC 3280 there is a note about Non-conforming CAs
where section Serial number is saying that certificate users
SHOULD be prepared to gracefully handle such certificates. Maybe the
note can apply in this case?

What I do know is that without a patch openssl can not be used with
certificates issued on a Serbian national eID card. At least one other
Serbian CA is hit by the same problem ( where
PKI solution was provided by a same company.

I have published patched openssl package for Ubuntu GNU/Linux
distribution in my Ubuntu PPA at:

Kind regards,
Goran Rakic

OpenSSL Project
User Support Mailing
Automated List Manager

Re: Verify X.509 certificate, openssl verify returns bad signature

2010-08-30 Thread Goran Rakic
У пон, 30. 08 2010. у 20:38 +0200, Dr. Stephen Henson пише:

 I wouldn't advise changing the code in that way (FYI I wrote it). The normal
 workaround in OpenSSL for broken encodings is to use the original encoding
 by caching it. The attached three line patch adds this workaround for

Thanks Stephen. This preprocessor black magic looks very interesting, I
will spend some free time trying to understand it in the following days.

I read your message on openssl-dev about the issue with a dirty cache.
As a naive code reader, I am wondering could not the modified field in
the cached data be set whenever certificate data is modified to
invalidate the cache? Will this allow integrating this patch upstream?

Kind regards,
Goran Rakic

OpenSSL Project
User Support Mailing
Automated List Manager

Verify X.509 certificate, openssl verify returns bad signature

2010-08-28 Thread Goran Rakic
Hi all,

I have two X.509 certificates MUPCAGradjani.crt and MUPCARoot.crt
downloaded from

Certificate path is MUPCARoot  MUPCAGradjani and I would like to
validate MUPCAGradjani against the other. What I did is to convert both
to PEM format and rename them by hash as efd6650d.0 (Gradjani) and
fc5fe32d.0 (Root) using this script:

hash=`openssl x509 -in $1 -inform DER -noout -hash`
echo Saving $1 as $hash.0
openssl x509 -in $1 -inform DER -out $hash.0 -outform PEM

Now I run:

$ openssl verify -CApath . efd6650d.0
error 7 at 0 depth lookup:certificate signature failure
16206:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
16206:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP 

Hm, that is not working. What am I doing wrong here?

I am running OpenSSL 0.9.8k 25 Mar 2009 on Ubuntu 10.04 GNU/Linux. I
also have my personal certificate issued by MUPCAGradjani that I would
like to verify but it is failing with the same error (just one level

$ openssl verify -CApath . qualified.pem 
qualified.pem: /CN=MUPCA Gradjani/O=MUP Republike 
Srbije/L=Beograd/C=Republika Srbija (RS)
error 7 at 1 depth lookup:certificate signature failure
16258:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:255:
16258:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP 

When I install downloaded certificates in Windows using Internet
Explorer and doubleclick on my personal certificate (qualified.cer) it
looks valid. I am not sure, but I believe it is doing certificate chain
validation so the certificates and paths should be valid. After all they
are issued by a trustful CA.

Output of openssl x509 -nameopt multiline,utf8,-esc_msb -noout -text
-in $1 looks reasonable for both downloaded certificates and is the
same before and after conversion to PEM (using -inform DER in the first
case). My take on this is that I am not doing conversion properly or
maybe the original certificates are in some other format requiring extra
argument, but I can not find answer in the docs.

How can I properly validate X.509 certificate from by certificate chain?

Kind regards,

OpenSSL Project
User Support Mailing
Automated List Manager